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(57) A method and an apparatus allowing to ensure 
protecting digital data are provided. 

In addition to re-encrypting the data by using an un- 
changeable key, the data is double re-encrypted by us- 
ing a changeable key. The changeable key is used first 
and the unchangeable key is then used, or in another 
case, the unchangeable key is used first, and the 
changeable key is then used, tn the aspect of embodi- 
ments, there is a case adopting a software, a case 
adopting a hardware, or a case adopting the software 
and the hardware in combination. The hardware using 
the unchangeable key developed for digital video is 
available. In adopting the software, encryption/decryp- 
tion is performed in a region below the kernel where the 
user cannot handle to ensure the security for the pro- 
gram and for the key used. More concretely, encryption/ 
decryption is performed in a filter driver, a device driver, 
i.e., a disk driver and a network driver, in an I/O manager 
and an RTOS using a HAL. Either one of two filter driv- 
ers, with a file system driver between them, may be used 
and further, both of them may be used. 
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Description 

FIELD OF THE INVENTION 

[0001] The present invention relates to a system for managing digital contents, and in particular, to a system used 
for managing copyrights of the digital contents, which claim the copyrights, and for protecting the secrecy of the digital 
contents so as to develop digital contents distribution and to realize digital contents economics. 

PRIOR ART 

[0002] Hitherto widely spread analog contents are deteriorated in quality each time when they are stored, copied, 
edited and transferred, and hence, no serious problem in the copyright occurs during these operations. However, the 
digital contents are not deteriorated in quality after repeatedly stored, copied, edited and transferred, and the control 
of the copyright is an important issue. 

[0003] Digital data such as digital video data, digital audio data, etc. is mostly supplied to users on pay basis by 
broadcasting, by a DVD, etc. In such a case, the data is encrypted and supplied to exclude the viewing without paying 
a fee. The encrypted and supplied digital data is decrypted by using a crypt key, which is supplied to the user by certain 
means, and the data is viewed. Because the quality of the decrypted digital data is not deteriorated even when it is 
stored, copied or transferred, if the data is stored, copied or transferred by the user, secondary viewing free of charge 
may occur. Re-use of the decrypted digital data contents is against the benefit of the data contents provider. In this 
respect, relating systems and equipments have been developed to prohibit re-using, i.e., secondary utilization such 
as storage, copying or transferring the digital data content. 

[0004] However, the prohibition of the secondary utilization comes less attractive for the users in using the digital 
data contents and it is now recognized that this may hinder the propagation of the use of the digital data contents, in 
this respect, it is now proposed to prevent illegitimate use by re-encrypting the decrypted digital data content so that 
the use of the digital data content is more attractive for the users. 

[0005] When the digital data, which is stored in a medium and is given or lent to a user or which is transferred to the 
user, is used for secondary utilization such as storing, copying or transferring it, it is impossible for the copyright owner 
to protect him(her)self the copyright of the digital data, which is at hand of the users. Therefore, it is required to protect 
the copyright automatically and forcibly by a certain method. 

[0006] Under such circumstances, the present inventor has made various proposals with the purpose of protecting 
the digital content copyrights. 

In Japanese Patent Laid-Open Publications 46419/1994 (GB-2269302; USSN 08/098,415) and 141004/1994 
(USP5,794,115; USP5.901 ,339), the present inventor has proposed a system for managing copyrights by obtaining a 
permit key from a key control center via a public telephone line, and also, an apparatus for such a purpose in Japanese 
Patent Laid-Open Publication 132916/1994 (GB-2272822; USSN 08/135,634). 

[0007] Also, in Japanese Patent Laid-Open Publications 271865/1995 (EP0677949A2; USSN 08/416,037) and 
1 85446/1 996 (EP0704785A2; USSN 08/536,747), a system for copyright management of the digital contents has been 
proposed. 

[0008] In these systems and apparatus, those who wish to view an encrypted program requests viewing to a man- 
agement center via a communication line using a communication device. Upon receipt of the request of viewing, the 
management center transmits a permit key and charges and collects a fee. 

Upon receipt of the permit key, the requestor transmits the permit key to a receiving device by on-line or off-line 
means. When the permit key is received, the receiving device decrypts the encrypted program by using the permit key. 
[0009] The system described in Japanese Patent Laid-Open Publication 271865/1995 (EP0677949A2; USSN 
08/416,037), uses a program for managing the copyright and copyright information, in addition to a key for the use 
permission, to manage the copyright of the digital contents in displaying ( including process to sound), storing, copying, 
editing and transferring the digital contents, including real-time transmission of digital video contents, in a database 
system. The program for copyright management watches and manages in a manner that the digital content is not used 
outside the permission or user's requests. 0 

[0010] Japanese Patent Laid-Open Publication 271 865/1 995 (EP0677949A2; USSN 08/41 6,037) describes that the 
digital content is supplied from a database in the encrypted state and is decrypted by the copyright management 
program only when it is displayed or edited, and is again in the encrypted state when it is stored, copied or transferred. 
Further, it describes that the copyright management program itself is encrypted and is decrypted by using a permit key, 
and the decrypted copyright management program performs decryption and encryption of the copyrighted data, and 
that, when utilization other than storing and displaying the data is performed, copyright information including information 
of a person who has performed the utilization is added to the original copyright information and stored as a history 
[0011] Japanese Patent Laid-Open Publication 287014/1996 (USP5,867,579; EP0715241 A2) has proposed an ap- 
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paratus for decryption/re-encryption having a configuration of a board, a PCMCIA card, an IC card or an IC for the 
copyright management and a crypt key escrow system. This application also describes the copyright management 
method applying to a video conference system and an electronic commerce system. USP5,805,706, also describes 
an apparatus for drcryption/re-encryption having a configuration of an IC. 
5 [001 2] Japanese Patent Laid-Open Publication 272745/1 996 (USPS ,646 ,999; EP0709760)has proposed a system, 
in which a copyright :»f original data of edited data by using a plurality of data and the copyright of edited data are 
protected by conf inning validity of the use request according to a digital signature on an edit program by combining a 
secret-key cryptosyrlom and a public-key cryptosystem. 

[0013] Japanese Patent Laid-Open Publication 288940/1 996 (USPS, 740, 246; EP071 9045A2)has proposed various 
10 forms for applying the copyright management system to a database system, a video-on-demand (VOD) system or an 
electronic commerce system. 

[0014] Japanese Patent Laid-Open Publication 329011/1996 (USP5,848,158; EP0746126A2)has proposed a sys- 
tem, in which copyrights of original data and new data are protected by using a third crypt key and a copyright label in 
case of using and editing a plurality of data. 
is [0015] As it can be understood from the data copyright management systems and the data copyright management 
apparatus proposed by the present inventor as described above, the management of data copyrights can be accom- 
plished by encryption/decryption/re-encryption and limiting the usage by the copyright management program. The 
cryptography technique and limitation of the usage can be realized by using a computer. 

[0016] In a case where secret information is exchanged via a network, the information is encrypted for preventing 
20 piracy. 

It is described in USPs5,504,81 8 and USP5,51 5,441 that the information piracy during transmission is prevented 
by encryption. Using a plurality of keys in such a case is described in USPs5,504 ( 816, 5,353,351, 5,475,757 and 
5,381,480, and performing re-encryption is described in USP5.479.51 4. 

[0017] The protection of the copyright in the secondary utilization of the digital data by the copyright management 
25 program can be realized by re-encryption/re-decryption of the decrypted digital data and by managing and performing 
the re-encryption/re-decryption by using the copyright management program. 

It is needless to say that as the means for carrying out re-encryption/re-decryption there are the cases where a 
software is used and where a hardware is used. 

[0018] Here, the operation to obtain encrypted data C from non-encrypted data M by using a key K is expressed as: 

30 

C=E (M, K), 

and to obtain decrypted data M from encrypted data C by using the key K is expressed as: 

35 

M=D (C, K). 

[0019] When re-encryption/re-decryption of the decrypted data M is repeated, re-encryption is expressed as: 

40 

Vi:C*=E (D(CM,KM) ( Ki), 
where i is a positive integer, and re-decryption is expressed as: 

45 

3 :M=D(E (Ci-1,Ki-1), Ki). 

[0020] Referring to Fig. 1 , description will be given on an arrangement of a set-top box (STB) conventionally proposed 
so and on a method for protecting the digital data performed in the set-top box. 

The description is not given here on peripheral circuits not directly related to encryption/decryption, e.g., an 
amplifier unit and a compression/decompression unit. 

[0021] In Fig. 1 , reference numeral 1 represents the digital data supplied by broadcasting means such as digital 
terrestrial wave broadcasting, digital CATV broadcasting, digital satellite broadcasting, etc., by network means such 
55 as Internet, or by a digital storage medium such as a DVD, a CD, etc. The data is encrypted by using a first changeable 
key K1 to prevent illegitimate use: 



3 
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C1=E (M, K1) 



and is supplied to a set-top box 2. 

*" ET? ^^^ted digital data C1 is supplied to the set-top box 2, the encrypted digital data C1 is decrvoted 
at a decryphon unrt 3 by using the first changeable key K1 obtained from a key cenZ via t!^^^T B 
different route from that of the encrypted digital data C1 : 

'0 M=D(C1,K1) 
and data M thus decrypted is outputted to a display unit 4 or the like 

[0023] In a case where the decrypted data M is stored in a medium such as a digital video disk fDVm ram or « h*rH 

VOrCO^E (M, KO) 
20 =E(D(C1,K1),K0) 

and re-encrypted data CO is stored in or transferred to an external device 8 

SSL'" 3 T?* re " encr yP ted data C0 is used ^ain, the re-encrypted data CO read from a storage medium 

unit 7 of the unchangeable key encryption/decryption unit 5: aecryption 



25 



as 



40 



45 



55 



3 :M=D (CO, KO) 
30 =D (E (D (CI, Kl), KO) 

and the deciypted data M is outputted to the display unit 4 or the like 

tho J!* 18 ^ ° rder ,0 e " SUre SeCUrtty ' tt be arranged in such a manncr ^at the re-encrypted data CO in 
the storage medium , ,s erased when the re-encrypted data CO is read from the storage medium via aroute shown 

^SSTaSS" that t !f ^ a9ain by USi " 9 the key KO is rlsfored * 

r«»« 1' ^ a " ,n,e 9 rated arcult f °' Performing re^ncryption/re-decryption is described 
Zr~L ^ ?>f C L P 38 arran9ed ab ° Ve ' itiseasy t0 "anclle because re-encryption/reKtecryption is automatical 

SUMMARY OF THE INVENTION 



St ? Pr0btem ' Present invention P rovides a method and an apparatus for double re-encrvotina 

the data by us.ng a changeable key in addition to encrypting by using an uncharge key. 

a „H «, u " ch i an 9 eab,e key and the changeable key, there are cases where the changeable key is used first 

andthe unchangeab.e key is then used, and where me unchanged key is used first and the ctengeSkey^tS 

^ US6d ^ Whe " """"VP** is used finally when decrypting, and accordingly even if data which is 

rT* ted ^ tenaly2ed - S6CUrity te high,y ensured - The "*> re - * ^change^key 
Z^t^T ' a " Un t ,an H eab,e tey iS ^ '"^encryption, the possibility that the changeable keffe kno™ 
oothers every low even when the unchangeable key has been known to the others 

[0028] in the aspects of the embodiments, there are the cases executed by a software and by a hardware and 

IP029] '"a^eexecutedbythesoftware,^^ 

decryphon « performed in a region under a kerne, whi* the users cann^ 
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tion is performed at a filter driver, a device driver, i.e., a disk driver/network driver, and a real-time OS using HAL in an 
I/O manager. There are two filter drivers with a file system driver interposed between them, and either one of the filter 
drivers may be used, or both may be used. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0030] 

Fig. 1 shows a general arrangement of a conventionally proposed set-top box; 

Fig. 2 shows a general arrangement of a first embodiment of the present invention applied to a set-top box; 
Fig. 3 shows a general arrangement of a second embodiment of the present invention applied to a set-top box; 
Fig. 4 shows a general arrangement of a third embodiment applied to an apparatus using a personal computer; 
Fig. 5 shows a general arrangement of a fourth embodiment applied to an apparatus using a personal computer; 
Fig. 6 is a drawing to give detailed explanation for the fourth embodiment; and 

Fig. 7 shows a general arrangement of a fifth embodiment applied to an apparatus using a personal computer. 

Fig. 8 shows a general arrangement of a sixth embodiment set-top box, which is a variation of the first embodiment; 

Fig. 9 shows a general arrangement of a seventh embodiment set-top, which is a variation of the sixth embodiment; 

Fig. 10 shows a general arrangement of an eighth embodiment using a personal computer, 

Fig. 11 illustrates a detailed description on the eighth embodiment; 

Fig. 12 illustrates an embodiment of a copyright management apparatus; 

Fig. 13 illustrates another embodiment of the copyright management apparatus; and 

Fig. 14 illustrates still another embodiment of the copyright management apparatus. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 

[0031] The following describes embodiments of the present invention. 

[0032] Referring to Fig. 2, description will be given on an arrangement of a set-top box (STB) of a first embodiment 
of the present invention, and a method for protecting the digital data in the set-top box. 

[0033] In the set-top box of this embodiment, similarty to the case of the conventional set-top box example as shown 
in Fig. 1 , description is not given on peripheral circuits not directly related to encryption/decryption, e.g., an amplifier 
unit, a compression/decompression unit and an interface unit for the outside. 

[0034] The difference of the present embodiment from the conventionally proposed set-top box shown in Fig. 1 is 
that a changeable key encryption/decryption unit 1 9 for performing encryption/decryption by using a second changeable 
key K2 is inserted between an unchangeable key encryption/decryption unit 15 for performing encryption/decryption 
by using the unchangeable key K0 and a decryption unit 13. 

[0035] in Fig. 2, reference numeral 11 represents digital data supplied by broadcasting means such as digital ter- 
restrial wave broadcasting, digital CATV broadcasting, digital satellite broadcasting, etc., by network means such as 
Internet, or by digital storage medium such as a DVD, a CD, etc. The digital data is encrypted by using a first changeable 
key K1 to prevent illegitimate use: 

C1=E (M.K1) 

and is supplied to a set-top box 12. 

[0036] When the encrypted digital data C1 is supplied to the set-top box 1 2, the encrypted digital data C1 is decrypted 
at the decryption unit 13 by using the first changeable key K1 obtained from a key center via the same route as or via 
a route different from that of the encrypted digital data C1 : 

M=D (C1,K1) 

and the decrypted data M is outputted to a display unit 14 or the like. 

[0037] In a case where the decrypted data M, for which the copyright is claimed, is stored in an external device 1 8, 
i.e., in a medium of a digital video disk (DVD) RAM or a hard disk, or in a case where the data is transferred to the 
outside via a network, the decrypted data M is re-encrypted by using a second changeable key K2 at an encryption 
unit 20 of the changeable key encryption/decryption unit 19: 
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V2:C2=E (M,K2) 

=E(D(C1,K1),K2), 

lTZ£ e r ^"T ted data 02 is doub,e ^encrypted by using an unchangeable key K0 at an encryption unit 1 6 of 
the unchangeable key encryption/decryption unit 15: «»wypnon unint) ot 

V2-0:C2-0=E (C2, KO) 

=E (E (D (CI, Kl), K2), KO), 

™«, e ^ iS S,0red in eXtema ' dCViCe 18 ° r transfe ^ as double re-encrypted data C2-0 

So J," 6 d ° Uble """"VP** date <** « "sed again, the re-encrypted data C2-0 read from the 

Snn h,'T eXtemal deVi ° e 1 8 ° r franSferred Via a network fe ^decrypted at a decryptbn Z 17 Z Je 
unchangeable key encryption/decryption unit 15 by using the unchangeable key KO: 

32:C2=E (C2-0, KO) 

=D (E (E (D (C1,K1),K2),K0), 

'TnnJn r r' eC,yPted . dafa 02 iS deoypted b * usi "9 the seco "d changeable key K2 at a decryption unit 21 of the 
changeable key encryption/decryption unit 19: "«->ypuon unrr, oi tne 



3:M=D (C2.K2) 

=D (E (D (CI, Kl), K2), 
and the decrypted data M is outputted to the display unit 14 or the like 

,n L ft , S, ° rage medlUrn V ' a a route shown a broke " «" e in th e figure, the re-encrypted dataC2-0 

[0040] As described above, because the re^ncryption using the second changeable key K2 is performed before the 
re-encrypdon using the unchangeable key, even when the unchangeable key KO has bL ^nTS^Z^ 

S? 1 « tT' 6 ? USin9 the SCCOnd chan 9 eabl « ^y K2, it is very difficult to ayptanalyze the eSeTdlte 
by further finding out the second changeable key K2. me encrypted data 

K h MS °' 5 9 1 600 ^ Changeab,e ^ K 2 fe firet ** re-encryption, and it is again used for re-decryption after 

eSXmlnn^r ' ^ " " ^ 1 ^"^ ™ 1,16 «W" data * «•» •** 

CISL ln ^ ption of the «*«» embodiment, the encryption unit 20 and the decryption unit 21 are contained 

«J!!£fi?j£Z 66 ^ imPtement6d ^ Pr ° Wdin9 3 C ° mpU,er arra " gement haVina a C ™ a "« a 
PJ043] Now referring to Rg. 3 , ascription will be given on another arrangement of the set-top box which is a second 

[0044] In this second embodiment set-top box, similarty to the conventional set-top box example shown in Fia 1 

KHJtfJ? If**™* ° ,the j Second ^bodiment set-top box from the first embodiment set-top box shown in Fig 2 
• that the posrhon ,s replaced with each other between the unchanged key encryption/decryption unT^ for en 
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cryption/decryption using the unchangeable key KO and the changeable key encryption/decryption unit 39 for encryp- 
tion/decryption using the second changeable key K2. 

This unchangeable key encryption/decryption unit 35 for encryption/decryption using the unchangeable key KO 
is connected to a decryption unit 33 and a display 34, and an external changeable key encryption/decryption unit 39 
for encryption/decryption using the second changeable key K2 is connected to an external device 38. The second 
changeable key K2 may be supplied from the outside or may be generated in the set-top box. 
[0046] In Fig. 3, reference numeral 31 represents digital data supplied by broadcasting means such as digital ter- 
restrial wave broadcasting, digital CATV broadcasting, digital satellite broadcasting, etc., by network means such as 
Internet, or by a digital storage medium such as a DVD, a CD, etc. The data is encrypted by using a first changeable 
key K1 to prevent illegitimate use: 

C1=E (M, K1) 

and is supplied to a set-top box 32. 

[0047] When the encrypted digital data C1 is supplied to the set-top box 32, the encrypted digital data C1 is decrypted 
at the decryption unit 33 by using the first changeable key K1 obtained via the same route as or via a route different 
from that of the encrypted digital data C1 : 

M-D (C1.K1) 

and the decrypted data M is outputted to a display unit 34 or the like. 

[0048] In a case where the decrypted data M, which states the copyright, is stored in an external device 38, i.e., in 
a medium such as a digital video disk (DVD) RAM or a hard disk, etc., or is transferred to the outside via a network, 
the re-encrypted data 02 is re-encrypted by using the unchangeable key K0 at the encryption unit 36 of the unchange- 
able key encryption/decryption unit 35: 

V0:C0=E (M, K0) 

=E <D(C1, Kl),K0), 

further, the decrypted data M is double re-encrypted at an encryption unit 40 of the changeable key encryption/decryp- 
tion unit 39 by using the second changeable key K2: 

VO-2:C0-2=E (C0,K2) 

=E (E (D (CI, Kl), K0), K2), 

and double re-encrypted data CO-2 is stored in the external device 38 or transferred. 

[0049] In a case where the double re-encrypted data CO-2 is used again, the re-encrypted data CO-2 read from the 
storage medium of the external device 38 or transferred via a network is re-decrypted by using the external changeable 
key K2 at the re-decryption unit 41 of the external changeable key encryption/decryption unit 39: 

3:0:CO=E (CO-2, K2) 

=D (E (E (D (CI, Kl), K0), K2), 

further, the re-decrypted data CO is again re-decrypted by using the unchangeable key KO at a decryption unit 37 of 
the unchangeable key encryption/decryption unit 35: 
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3:M=D (CO.KO) 

=D (E (D (CI, K1),K0) 

and the decrypted data M is outputted to the display unit 34 or the like 

by further finding out the second changeable key KO K2 cryptanalyze the encrypted data 

[0053] In the description of this embodiment the encrvntinn unit ^ «, j 

unchangeable key encrvption/decrvotion Tit as anH th. ? decrypt™ unrt 37 are contained in the 

Wl D** «. CM. „ te „ 0tea „ 01 „„ ,„ ^ se ,. loi) bm ^ ^ ^ ^ empMrM ^ a ^ 

- *^££?£L' m ** m " * *- - < ™ bMI ™"» - - i— «~ .o 

using software. operated by controlling the hardware incorporated in the apparatus 

Son' oS r ££Z ^ ^ ^ a " ^ (OS) „ used, which manages the overall 

overall comput o^S of the functions of the operation system to manage the 

larger than before ^ Th6n ' * e 808,8 ° f 1,16 ° peratin 9 ^ iem has comparative* 

inconvenience for the user to use the computer. ^ a " d that may lead t0 

such as a security s^bsysZS kernel T ^ and a ^ 

operating system is cons^ « Sr^^t ? subsystem part, which depends on the user. And 
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operating system especially for embedding suitable for each of these units and devices. 

[0062] As a matter of course, the cost for development is increased when developing an operating system specialty 
for each of embedded different devices. For this reason, it is recently proposed to use a general-purpose operating 
system in the personal computer also for the embedded type real-time operating system. By arranging a program 
5 specific for embedded type in a subsystem combined with a micro-kernel, it is now practiced to obtain embedded type 
real-time operating system. 

[0063] Major functions of the operating system include task management such as scheduling or interrupt processing. 

The task management has mainly two different types in the operating system: single task type, which only per- 
forms one task processing at the same time, and multi-task type for performing a plurality of task processings at the 
10 same time. The multi-task type is divided to multi-task type where changeover of the task depends upon the task to 
be processed, and multi-task type not dependent upon the task to be processed. 

[0064] Among these, the single task type allocates one process to an MPU so that the MPU is not free until the 
process is completed. Non-preemptive multi-task type allows the MPU to be allocated a plurality of processes by time 
division, so that process is not executed unless the process in execution gives the control back to the operating system. 

'5 Preemptive multi-task type interrupts the process in execution at a certain time interval, so that the control is forcibly 
transferred to the other process. 

Therefore, real-time multi-tasking can be achieved onty by the preemptive type. 
[0065] The task management in the computer is carried out according to the process, which is a unit having system 
resources such as a memory, a file, etc., and the process is managed according to a thread, which is a unit to allocate 

20 CPU time with divided processes. In this case, the system resources are shared by all threads in the same process. 
This means that there are more than one thread to share the system resources in one process. 
[0066] Each task to be processed by the murti-task type has priority spectrum, which is generally divided to 32 steps. 
The normal task performing no interrupt is classified to dynamic classes, which are divided to 0 - 15 steps, and the 
task performing interrupt is classified to real-time classes to be divided to 1 6 - 31 steps. 

25 [0067] Interrupt processing is executed using interrupt enable time (normally 1 0 milliseconds) called as a "time slice" 
as a unit. Ordinary interrupt is executed at 10-millisecond time slice. 

[0068] Under such circumstances, a time slice has been recently proposed, in which interrupt enable time called as 
a "real-time slice" is 100 microseconds. If this real-time slice is used, it is possible to execute interrupt with priority to 
the conventional interrupt of 10 milliseconds. 

30 [0069] in a third embodiment shown in Fig. 4, changeable key encryption/decryption processing by a software and 
the management of a crypt key in the computer are carried out by a real-time OS in HAL. 

In Fig. 4, reference numeral 51 represents an operating system in a computer; 56 a display unit for displaying 
output from the computer; 57 an unchangeable key encryption/decryption unit; and 58 a data storage medium such 
as a digital versatile disk (DVD) RAM or a hard disk, or a data transfer system such as a network. 

35 [0070] The operating system 51 comprises an operating system service 52 and a system service API 53, which are 
a user region, and a kernel 54 and a HAL 55, which are a non-user region. The system service API 53 is arranged 
between the operating system service 52 and the kernel 54 and serves to mediate between the operating system 
service 52 and the kernel 54. The HAL 55 is arranged at the lowermost layer of the operating system 50 and serves 
to absorb differences between in the hardware for the software. 

40 [0071 ] The operating system service 52 comprises an application 59, a subsystem 60 and a security subsystem 61 . 
The kernel 54 comprises a plurality of micro-kernels 62 and 64 and a kernel 63. Micro-kernel 62 has task management 
functions such as scheduling, interrupt, etc., and the micro-kernel 64 has I/O management function. 
[0072] The micro-kernel 64 having I/O management function comprises an I/O manager 65, device drivers such as 
a disk driver 67 and a network driver 68, which are managed by the I/O manager, and a fitter driver 66 which is inserted 

45 when necessary between the I/O manager 65 and the device drivers such as the disk driver 67 and the network driver 68. 
[0073] The changeable key encryption/decryption processing in the computer is executed by a software. In case of 
the third embodiment, the changeable key encryption/decryption processing is carried out by the aforementioned real- 
time OS (FfTOS) with priority to other tasks at the HAL 55 in the operating system 51 . 

[0074] Similarly to the first embodiment shown in Fig. 2, digital data supplied by broadcasting means such as digital 
so terrestrial wave broadcasting, digital CATV broadcasting, digital satellite broadcasting, etc., by network means such 
as Internet, or by a digital storage medium such as a DVD, a CD, etc. is encrypted using a first changeable key K1 to 
prevent illegitimate use: 

^ C1-E(M,K1) 

and is supplied. The supplied encrypted digital data C1 ts decrypted by the operating system service 52 by using the 
first changeable key K1 provided from the key center via the same route as or via a route different from that of the 
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encrypted digital data C1 : 
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M=D (C1,K1) 

and the decrypted data M is outputted to the display unit 56 or the like 

vS.e Ilk ISSJXZZ Whfch C ' aimS ftS COpyright ' iS Stored in a medium ■«* - a digital 

J™? f ' ° r Where rt is lran » te ™d to outside via a network the decrypted data M 

.s mandatorily re-encrypted at HAL 55 by using a second changeable key K2: decrypted data M 

V2:C2=E (M.K2) 

=E (D (CI, Kl), K2). 

^ZrSZ^ 2 ' S d0Ub ' e " ^ UnChan9eable ^ -^n/decryption unit 57 by 

V2-0:C2-0=E (C2, K0) 

=E (E (D (CI, Kl), K2), KO), 

Dr^?rom e ,hT en tT ed ^ * S, ° red in a " eXtema ' deVice or trans,e " ed - changeable key K2 may be 
provided from the outside or may be generated in a set-top box V 

f the doub,e encrypted data C2-0 is utilized, the re-encrypted data C2-0 readfrom the storaqe medium 

network is r ~ tec,yp,ed usin9 the unchan9eab,e Key K0 at *• ""ch^tSS^SS 

32:C2=E (C2-0, KO) 

=D (E (E (D (CI, Kl), K2), KO). 

3:M=D (C2,K2) 

=D (E (D (CI, K1),K2), 
and the decrypted data M thus obtained is outputted to the display unit 56 or the like 

Sen^a^Al 0 ri i no»^ in ^ * ^ h ,he third «"**»™*. the real-time OS is 

jrno the externa, device or to be transferred. Also, re^nc^ZTperformed using^fs^nd cCe^kt S 
^ ISZXT*", Unchan 9 eable ke * K ° ^ a result, even « the unchanged key KoTstnow^ 

Ciirsssr by -* - - * «, : ^ 22 z 

JTT 8eC ° nd Changeable ** ^ "» us «« «rst and is then used after the unchangeable key KO has 

S7as^p°u;;^^ 

[0079] in a fourth embodiment shown in Fig. 5. the changeable key encryption/decryption by a software in the com 
puter is earned out at a filter driver 66 pteced in the UO management microkernel wTn the kernel 

F,g. 6 shows an arrangement of the I/O management micro-kernel 64 with the filter driver 66 placed in it. 
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[0080] In the I/O management micro-kernel with no fitter driver placed in it, a file system driver 69, an intermediate 
driver 70 and a device driver 71 are arranged from upper hierarchy to lower hierarchy. When necessary, a filter driver 
66A or a filter driver 66B is placed above the file system driver 69 or between the intermediate driver 70 and the device 
driver 71 . 

[0081] Because it can be designed to have these filter divers 66A and 66B perform re-encryption/re-decryption and 
management of the key, the filter drivers 66A or 66B is des'.rped to carry out the re-encryption/re-decryption processing 
and the key management in this embodiment. 

[0082] The filter driver is arranged, not in the operating s>stem service unit 52 which the user can handle, but in the 
kernel 54 which the user cannot handle. On the other hand, ft is generally practiced to make the specification change 
to fit for the computer using the operating system, in particular, it is not very rare to change the I/O manager therein. 
[0083] Utilizing the above, the modules having the function of re-encryption/re-decryption processing and the key 
management are placed in the I/O manager as the fitter driver 66A or the filter driver 66B in the fourth embodiment. 
[0084] Similarly to the first embodiment shown in Fig. 2, digital data supplied by broadcasting means such as digital 
terrestrial wave broadcasting, digital CATV broadcasting, digital satellite broadcasting, etc., by network means such 
as Internet, or by digital storage medium such as a DVD, a CD, etc. is encrypted using a first changeable key K1 to 
prevent illegitimate use: 

C1=E (M, K1) 

and it is supplied. The encrypted and supplied digital data C1 is decrypted by the operating system service unit 52 
using the first changeable key K1 provided from the key center via the same route as or via a route different from that 
of the encrypted digital data C1 : 

M=D (C1.K1) 

and the decrypted data M is outputted to the display unit 56 and the like. 

[0085] In a case where the decrypted data M, which states its copyright, is stored in a medium such as a digital 
versatile disk (DVD) RAM or a hard disk, or in a case where it is transferred to the outside via a network, the decrypted 
data M is mandatorily re-encrypted at the fitter driver 66A or 66B using the external changeable key K2: 

V2:C2=E (M, K2) =E (D (C1 , K1 ), K2). 

Further, the re-encrypted data C2 is double re-encrypted at the internal unchangeable key encryption/decryption unit 
57, using an unchangeable key K0: 

V2-0:C2-0=E (C2.K0) 

=E (E (D (C1,K1),K2), K0), 

and double re-encrypted data C2-0 is stored into the extemaJ device or transferred. The changeable key K2 may be 
provided from the outside or may be generated in a set-top box. 

[0086] When the double re-encrypted data C2-0 is utilized again, the re-encrypted data C2-0 read from the storage 
medium or transferred via the network is re-decrypted using the unchangeable key K0 at the internal unchangeable 
key encryption/decryption unit 57: 

3 2:C2=E (C2-0, K0) 

=D (E (E (D (CI, Kl), K2), K0). 

Further, the re-decrypted data C2 is decrypted at the filter driver 66A or 66B, using the second changeable key K2: 
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3 :M=D (C2, K2) 

=D (E (D (CI, Kl), K2) 
and the decrypted data M thus obtained is outputted to the display unit 56 or the like 

SS„„ ; ,,ter t driVe ; t f " be easil * P ,aced int ° the ke ^el of the operation system in a part of the I/O manager In 
ZSZS^JTT , n ?°** a/ ™*^ processing and the key management can be easiry incVpo- 
ZTr^LT T A,S0 ' SinCe ^V*™ is P erf0 ^d using the second changeable key K2 LoreThe 

l^^T T i" 9 unchan 9 eab,e ke V K °. e ™ « the unchangeable key K0 is known to others, it is very diffioutt 

MklJT^^l** S ^ nd h| Chan 9 eable ke V K0 «• ^ and is then, used after the unchangeable key 

go V ::^^^ 

•57 a « t ?^,f° Ve ° P rf erati0ns be easi * Elemented by arranging the unchangeable key encryption/decryption unit 
57 as a sub-computer structure having a CPU and a system-bus «-ryp«on unit 

b^ithlLV'^ emb ° d ' ment 8h0W " RS - ? ' ,he cha ngeable key encryption/decryption and the key management 
by a software ,n a computer are carried out at the disk driver 57 and the network driver 68 contained in the I/O man 
agement micro-kernel 64 in the operating system 51. wran 

E riri C!r7r dy eXP ' ain !f in C ° nneXi0n With Rg - 6 ' the fi,e Sys,em driver 69 ' »«* intermediate driver 70, and the 
SeTencrlfioXS °^ 

able key encrypt.orrfdecrypt.on processing and the key management can be carried out also in the device driver 71 
positioned at the lowermost layer. er n 

25 TV!, Simila ? y ,0 ^ flfSt embodi^len, snown in Fig. 2, the digital data supplied by broadcasting means such as 
ZT Tf ^ T br0adCaStin 9' C ATV broadcasting, digital satellite broadcasting, etc., by ^ork meaS 
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15 



30 



C1-E (M, K1) 



and it is supplied. The encrypted and supplied digital data C1 is decrypted by the operating system service unit 52 



M=D (C1, K1) 



and the decrypted data M is outputted to the display unit 56 or the like 

Sle SLk SSSJ!!" TVS? ^ M> WhiCh 843,68 ** ""^ fe St0red in 3 such - a «*- 

^1 m»nH T ^ ^ ° r 3 ^ " here * fe transferred •<» »he outside via a network, the decrypted 

stTc^^^ 

V2:C2=E (M,K2) 

=E (D (CI, Kl), K2). 

Further the re-encrypted data C2 is double re-encrypted at the unchangeable key encryption/decryption unit 57 usinc 
the unchangeable key K0 placed in the unchangeable key encryption/decryption unit 57: 

« V2-0:C2-0=E (C2, K0) 

=E (E (D (CljKD.K^KO), 



45 



50 



12 



EP 1 122 910 A1 



and double re-encrypted data C2-0 is stored in the external device or transferred. The changeable key K2 may be 
provided from the outside or may be generated in a set-top box. 

[0093] When the double re-encrypted data C2-0 is utilized again, the re-encrypted data C2-0 read from the storage 
medium or transferred via a network is re-decrypted using the unchangeable key KO at the internal unchangeable key 
encryption/decryption unit 57: 

32:C2=E (C2^>, KO) 

=D (E (E (D (CI, Kl), K2), KO). 

Further, the re-decrypted data C2 is decrypted at the device driver 71 , i.e., the disk driver 67 and the network driver 
68, using the changeable key K2: 

3:M=D (C2, K2) 

=D (E (D (CI, Kl), K2) 

and the decrypted data M thus obtained is outputted to the display unit 56 or the like. 

[0094] For the device driver, it is generally practiced to make the specification change to fit for the computer using 
the operating system or when the corresponding device has been modified. 

[0095] As the function of the re-encryption/re-decryption processing and the key management is incorporated into 
such the device driver, it allows to easily incorporate the function into the kernel of the operating system. Also, since 
re-encryption is performed using the second changeable key K2 before the re-encryption using the unchangeable key 
K0, even if the unchangeable key K0 is known to others, it is very difficult to cryptanalyze the encrypted data by finding 
out the second changeable key K2 because the data is also encrypted using the second changeable key K2. 
[0096] There is a possibility if the second changeable key K2 may be known to others, while it is repeatedly used. 
In such a case, it is preferably designed in such a manner that the second changeable key K2 used for encryption is 
abandoned and it is again generated when necessary for decryption, as described in Japanese Patent Laid-Open 
Publication 1 85448/1 996 (EP0704885A2, USSN 08/536,749). tf it is necessary to have the key for decryption , it should 
be obtained from the key center again. 

[0097] For the security purpose, K1 , K2 and K0 may be based on different crypt algorithm. 

These operations can be easily implemented by arranging the unchangeable key encryption/decryption unit 57 
as a sub-computer structure having a CPU and a system-bus. 

[0098] In the embodiments described above, the second changeable key K2 and the unchangeable key K0 are used 
in addition to the first changeable key K1 , In the embodiments described below, a third changeable key K3 is used 
additionally so that more reliable copyright management of digital contents is provided. 

[0099] Referring to Fig. 8, description will be given on an arrangement of a set-top box in a sixth embodiment of the 
present invention, which is a variation of the first embodiment, and also on a method for protecting digital data carried 
out in the set-top box. 

In the set-top box of this embodiment, similarly to the first embodiment set-top box, no description is given on 
peripheral circuits not directly related to encryption/decryption , e.g. , an amplifier unit and a compression/decompression 
unit. 

[0100] The set-top box of the sixth embodiment has a difference from that of the first embodiment in distinguishing 
between a case where the decrypted data M is stored in a storage medium 81 such as a hard disk, which is incorporated 
into or dedicated to the set-top box, and another case where the decrypted data M is stored in a removable medium, 
e.g., a DVD-RAM, in an external 82 or is transferred to the outside via a network. 

[0101] The internal unchangeable key encryption/decryption unit 15 and further a changeable key encryption unit 
80 are provided. In a case where the decrypted copyrighted data is stored, for example, in a hard disk as a storage 
medium 81 , which is incorporated into or dedicated to the set-top box, it is double re-encrypted using an internal 
unchangeable key K0. On the other hand, in a case where it is stored in a removable medium, i.e., a DVD-RAM, or is 
transferred to the outside via the network, it is double re-encrypted, not by the internal unchangeable key K0 but by a 
third changeable key K3. 

[0102] In Fig. 8, reference numeral 11 represents digital data, which is supplied by broadcasting means such as 
digital terrestrial wave broadcasting, digital CATV broadcasting, digital satellite broadcasting, etc., by network means 
such as Internet, or by a digital storage medium such as a DVD, a CD, etc. The digital data is encrypted using a first 
changeable key K1 to prevent illegitimate use: 



13 



EP1 122 910 A1 



C1=E (M, K1) 

and encrypted diartal data C1 



[01M] WhentheencrypteddigitaidataCI is suppled to the set top bor 12, the encrypted digital data C1 isdecrvoted 
at a decrypt™ unrt 1 3 using a first changeable key K1 obtained from „ key center ^ 



i a key center 

M=D(C1,K1) 



and the decrypted data M is outputted to a display unit 14 or the like 

[0104] In a case where the decrypted copyrighted data M is stored in a storage medium 81 such as a hard disk 
wh«h » .ncorporated into or is dedk^ted to the set-top box 12, or in a removabte medium sue* ^^SS^ 
ableTpv' 8 ^ ne *\ outs '^ e v ' a a network, the decrypted data M is re-encrypted at an encryption wit 20^of^change- 

ZZZ£:«%TX um 1 9 using a second chan96ab,e key * which - — 2 f ™ - k ~ e r 

V2:C2=E (M,K2) 

=E (D (CI, Kl), K2). 

He'Ll 8 t = o a !h7s^Lr h ^T 9 T ed ^ 02 iS S, ° red in 3 h " d *" ° f the S,0ra 9 e medium 81 *™rporated **» 
L k \f L P ' re - encr VPted data C2 is double re-encrypted at an encryption unit 16 of an 

SZZZTF* V ^^^"VPtion unit 15 using an unchangeable^ key K0 p^ in Tintema 
unchangeable key encryption/decryption unit 15: miemai 

V2-0:C2-0=E (C2.K0) 

=E (E (D (CI, Kl), K2), K0) 
S^nS 8 d .»u ble re ^ ncf yP ted data C2 -° •» stored in the storage medium 81 or the like 

S?LJ Tf 2 11 d t° Ub,e ^"^f data C2 -° stored in ,he medium 81 is utifeed, the re-encrypted data 

fy 2 T ♦ , ! ra9e med,Um 81 » decryp,ed usin 9 the ""Changeable crypt key K0 placed in a decryption unrt 
17 of the mtemal unchangeable key encryptton/decryption unit 15: decryption unrt 

3 2: C2=D (C2-0, KO) 

=D (E (E (D (CI, Kl), K2), KO) 
=E (E (D (CI, Kl), K2), 

ZZZto^ZTZ** USjn9 Changeab ' e ^ ^ 31 3 21 " - ^oab.e 

3:M=D (C2,K2) 

=D (E (D (CI, Kl), K2) 
and the decrypted data M is outputted to the display unit 14 or the like 

Sl^^ ^r ta h CflS °jJ n °^V° 6nSUre S8CUrily> Whe " data C2-0 is read from the storage medium 

to^? B 2T X 3 ,n ,i9Ure ' " 116 deSi9ned in 3 m "" r ** the encrypted dataTJ Z 

^^^^^^ 
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[0108] In a case where the re-encrypted data C2 is stored in a DVD-RAM of a removable medium, or it is transferred 
outside via a network at the externals 82, the re-encrypted data C2 is double re-encrypted using a third changeable 
key K3, which is obtained from the key center or generated in the set-top box 1 2, at a changeable key encryption unit 80: 

V 2^: C2-3=E (C2.K3) 

=E (E (M, K2), K3). 

[0109] When the double re-encrypted data C2-3 sent to the externals 82 is utilized, the double re-encrypted data 
C2-3 is decrypted using the third changeable key K3 stored at a decryption unit 84 of a changeable key encryption/ 
decryption unit 83: 

3 2:C2=D (C2^, K3) 

=D (E (M, K2), K3), K3) 
=E (M, K2), 

further, the re-encrypted data C2 thus obtained is decrypted using the second changeable key K2 at a decryption unit 
85 of the changeable key encryption/decryption unit 83: 

3:M=D (C2,K2) 

=D (E (M,K2),K2) 

and the decrypted data M thus obtained is outputted to a display unit 86 or the tike. 

These operations can be easily achieved by providing a sub-computer arrangement having a CPU and a system- 
bus in the set-top box 12. 

[0110] Referring to Fig. 9, description will be given on an arrangement of a set-top box of a seventh embodiment, 
which is a variation of the sixth embodiment, and also on a method for protecting digital data carried out in the set-top 
box. 

In the set-top box of this embodiment again, similarly to the sixth embodiment set-top box, no description is given 
on peripheral circuits not directly related to encryption/description, e.g., an amplifier unit and a compression/decom- 
pression unit. 

[0111] The seventh embodiment set-top box has difference from that of the sixth embodiment that the inserted po- 
sitions are exchanged between the unchangeable key encryption/decryption unit 15 for performing encryption/decryp- 
tion using the unchangeable key K0 and the changeable key encryption/decryption unit 19 for performing encryption/ 
decryption using the second changeable key K2, and that there is further provided a changeable key encryption unit 
87 for performing encryption/decryption using the second changeable key K2 for the case where the data is stored in 
a DVD-RAM of a removable medium or is transferred outside via a network at the externals 82. 
[0112] The digital data 11 , which is supplied by broadcasting means such as digital terrestrial wave broadcasting, 
digital CATV broadcasting, digital satellite broadcasting, etc., by network means such as Internet, or by a digital storage 
medium such as a DVD, a CD, etc., is encrypted using a first changeable key K1 in order to prevent illegitimate use: 

C1=E (M, K1) 

and encrypted digital data C1 is supplied to the set-top box 1 2. 

[01 13] When the encrypted digital data C1 is supplied to the set-top box 1 2, the encrypted digital data C1 is decrypted 
at the decryption unit 13 using the first changeable key K1 obtained from the key center. 

M=D (C1,K1) 
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and the decrypted data M thus obtained is outputted to the display unit 14 or the like 

dJk i ^ 7 h6re c °Py ri 9 hted an « decrypted data M is stored in the storage medium 81 such as a hard 

CO uZ^T H n, ° t0 ^ SeM ° P *" 12 ' deC ^ ted — M fe re-eroyptedto ienc^d" Sate 

u ig me unchangeable crypt key KO at the internal unnhann^ahio 

»> _ J JT *-.~, v^wwi y yj\.\\j 1 1 Ul III Id. 



V 0: C0=E (M, KO) 



=E (D (CI, Kl), KO). 

V0-2:C0-2=E (CO, K2) 

=E (E (M, KO), K2) 

3 0:C0=D(C0-2,K2) 

=D (E (CO, K2), K2), 

3M=D(C0,K0) 

=D (E (M, KO), KO) 

and the decrypted data M thus oblained is outputted to the display unit 14 or the like 

run^eS 
*aan^o*^ 

k^ K^TtllTZ^r? ' data M iS "™<*VPM t° encrypted data C3 using a third enable 

key K3 obtamed from the key center or generated in the set-top box 12 at the changeable key encryptiM eT 

V3:C3=E (M.K3) 

=E(D(Cl,Kl),K3). 

[0119J The re-encrypted data C3 is encrypted to double re-encrvoted data ? at tho rtnim m l. 
un« 87 using the second changeab,e key^obtained J^JTSE E 
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V3-2: C3-2=E (C3, K2) 

=E (E (D (CI, K1),K3),K2) 

5 

and the double re-encrypted data C3-2 is stored in the DVD-RAM or is transferred via a network in the externals 82. 
[0120] When the double re-encrypted data C3-2 sent to the externals 82 is utilized, the double re-encrypted data 
C3-2 is decrypted using the third changeable key K3 at the decryption unit 84 of the changeable key encryption/de- 
cryption unit 83: 

10 

3 3: C3-D (C3-2, K2) 

=D (E (C3,K2),K2), 

15 

further, the double re-encrypted data C2 thus obtained is decrypted using the third changeable key K3 at the decryption 
unit 85 of the changeable key encryption/decryption unit 83: 

20 3:M=D(C3,K3) 

=D (E (M, K3),K3) 

and the decrypted data M thus obtained is outputted to the display unit 86 or the like. 
25 [0121] In the above embodiment, the third changeable key K3 is used at the changeable key encryption unit 80 and 
the second changeable key K2 is used at the changeable key encryption unit 87, while this may be performed in reverse 
order. 

Also, it may be designed in a manner that the encryption unit 20 of the changeable key encryption/decryption 
unit 19 serves the function of the changeable key encryption unit 87. 

30 [0122] While description has been given on the above in the case where the encryption unit 1 6 and the decryption 
unit 17 are contained in the unchangeable key encryption/decryption unit 15 and the encryption unit 20 and the de- 
cryption unit 21 are contained in the changeable key encryption/decryption unit 1 9, it is needless to say that these units 
16, 17, 20 and 21 may be separately provided. 

These operations can be easily achieved by providing a sub-computer arrangement having a CPU and a system- 

35 bus in the set-top box 12. 

[0123] Description will be given on a variation, which is applied to an embodiment using a personal computer. 

This eighth embodiment shown in Fig. 10 is a variation of the fourth embodiment shown in Fig. 5. In the embod- 
iment, detailed description common to the fourth embodiment arrangement is not given here. 
[0124] The eighth embodiment has a difference from the fourth embodiment in distinguishing between the cases 

to where the decrypted data M is stored in a storage medium 81 such as a hard disk incorporated into or dedicated to 
the computer, and where it is stored in a removable medium 92 such as a DVD-RAM or is transferred outside via a 
network 93. 

[0125] For this purpose, changeable key encryption units 90 and 91 are provided as a hardware 88, In addition to 
the unchangeable key encryption/decryption unit 89. In a case where the copyrighted and decrypted data is stored in 

45 the hard disk 81 of the storage medium incorporated into or dedicated to the computer, it is double re-encrypted and 
decrypted using the unchangeable key K0 at the encryption/decryption unit 91 via a disk driver 67. In a case where 
the data is stored in the DVD-RAM 89 of the removable medium, it is double re-encrypted and decrypted using the 
third changeable key K3 at the encryption/ decryption unit 90 via the disk driver 67. In a case where the data is trans- 
ferred outside via the network 93, it is double re-encrypted and decrypted using the third changeable key K3 at the 

so changeable key encryption/decryption unit 91 via a network driver 68. 

[0126] Similarly to the first embodiment shown in Fig. 2, the digital data supplied by broadcasting means such as 
digital terrestrial broadcasting, digital CATV broadcasting, digital satellite broadcasting, etc., by network means such 
as Internet, or by a digital storage medium such as a DVD, a CD, etc. is encrypted using a first changeable key K1 to 
prevent illegitimate use: 

55 

C1=E (M, K1) 
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M=D(C1,K1) 

and the decrypted data M is outputted to the display unit 56 or the like 

thl^n 1 ". 03865 ^ 6 ' 6 ^ 6 ***** d3ta M fe St0rcd in the stora 9 e ™*ium 81 incorporated into or dedicated to 
the computer, such as a hard disk, where it is stored in a medium such as the DVD-RAM and where n££Z£Z£ 

S2LT a TT- me decryp,ed data M is r ~ ncrypted at a fiter driver « ^^ZZ^eteX 

obtained from the key center or generated in the operating system service 52: cnangeable key K2 

V2:C2=E (M,K2) 

=E(D(C1,K1),K2). 

sT ttl r^n™^TT ! he /^ e T rVPted ^ 02 iS St ° red 3 computer-incorporated or dedicated storage medium 
89 iZSSST B **'* re - enCTyPted USin ° " UnChan9eab ' e k6y K ° « the -'VPtion/decfypr S 

V 2-0:C2-0=E (C2, K0) =E (E (D (C1, K1), K2), K0) 
and double re-encrypted data C2-0 is stored in the hard disk 81 or the like 

c^L£^^u^TT ** C2 -° St ° red "» Stora 9 e medium 81 is the re^n- 

3 2: C2=E (C2-0. K0) =D (E (E (D (C1 , K1 ), K2), K0), 

^^^SZ C2 18 USin9 SeC ° nd Cha " 9eab,e * 31 fi " er *«' 66 ^ en- 

3: M=D (C2, K2) =D (E (D (C1 , K1), K2), 
and me decrypted data M is outputted by the operating system of the computerto the dfep.ay unit 56 orthe like to be 

Sh.™ ;tf nCryp,ed *** 02 fe >" a DVD-RAM of the removable medium, the re-encrypted data C2 
le lZZT^ US ' n9 M Chan96aWe ** 81 «» ^on/decryplnlnt^f 

V 2-3: C2-3=E (C2, K3) =E (E (D (C1 , K1 ), K2), K3) 
and double re-encrypted data C2-3 is stored in the removable medium, the DVD-RAM 

Sted datalS ?£S ^17^ ^ 023 in me removable medium 92 is utilized, the re- 

2 ^ ?^ fr0m 1,16 removable mediu ™ 92 is re-decrypted using the third changeable kev K3 obtained 
«^y~"terorgenera^ 

3 2: C2=E (C2-3, K3 =D (E (E (D (C1 . K1), K2), K3), 
further, the re-decrypted data C2 is decrypted using the second changeable key K2 at the filter driver 66 having en- 
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cryption/ decryption function: 

3: M=D (C2, K2) =D (E (D (C1 , K1 ), k2) 

5 

and the decrypted data M is outputted by the operating system of the computer to the display unit 56 or the like to be 
utilized. 

[0132] When the re-encrypted data C2 is transferred outside via the network 93, the re-encrypted data C2 is double 
re-encrypted using the second changeable key K2 at the encryption/decryption unit 91 : 

w 

V 2-3: C2-3-E (C2, K3) =E (E (D (C1 , K1), K2), K3) 

and double re-encrypted data C2-3 is transferred outside via the network 93. 
15 [01 33] in a case where the double re-encrypted data C2-3 transferred from the outside via the network 88 is utilized, 
the encrypted data C2-3 is re-decrypted using the third changeable key K3 at the encryption/decryption unit 91 : 

3 2: C2=E (C2-3, K3) =D (E (E (D (C1 , K1), K2) K3), 

20 

further, the re-decrypted data C2 is decrypted using the second changeable key K2 at the filter driver 66 having en- 
cryption/ decryption function: 

25 3 :M-D (C2 t K2) =D (E (D (C1 , K1 ) ( K2) 

and the decrypted data M is outputted by the operating system of the computer to the display unit 56 or the like to be 
utilized. 

[0134] In the above embodiment, in order to facilitate the explanation, it has been described that the encryption/ 
30 decryption units 90 and 91 are separate, while it is needless to say that these units may be a single unit. 

The encryption/decryption as described above is managed by a real-time OS (RTOS) as already explained, with 
priority to the other tasks at HAL 55 in the operating system 51 . 

These operations can be easily achieved by designing the hardware 88 as the sub-computer arrangement having 
a CPU and a system-bus. 

35 [0135] Fig. 11 shows a concrete arrangement of the encryption/ decryption using I/O management micro-kernel 64 
having the filter driver 66 which serves the changeable key encryption/decryption processing of the eighth embodiment. 
[01 36] In the I/O management micro-kernel 64, a file system driver 69, an intermediate driver 70, and device drivers, 
i.e., a disk driver 67 and a network driver 68, are arranged from upper hierarchy to lower hierarchy. When necessary, 
a filter driver 66A or a fitter driver 66B for performing changeable key encryption/decryption is inserted above the file 

40 system driver 69 or between the intermediate driver 70 and the device driver 

[01 37] Because these filter drivers 66A and 66B can perform re-encryption/re-decryption, it is designed to have the 
filter driver 66A or 66B carry out the re-encryption/re-decryption processing and the management of crypt keys in this 
embodiment. 

[0138] In cases where the copyrighted and decrypted data M is stored in a storage medium such as a hard disk, 
45 incorporated therein or dedicated thereto, where it is stored in a removable medium such as a DVD- RAM or where it 
is transferred outside via a network, the decrypted data M is re-encrypted at the filter driver 66A or 66B using the 
second changeable key K2 obtained from the key center or generated in the I/O management micro-kernel 64: 

w V2: C2=E (M, K2) =E (D (C1 , K1), K2). 

[0139] Further, in a case where the re-encrypted data C2 is stored in a computer-incorporated or -dedicated storage 
medium 81 , the re-encrypted data C2 is double re-encrypted using the unchangeable key K0 at the encryption/decryp- 
tion unit 89 in the hardware 88: 

55 

V2-0: C2-0=E (C2, K0) =E (E (D (C1 , K1), K2) ( K0) 
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and double re-encrypted data C2-0 is stored in the hard disk 81 or the like 

K7! JI 6 " ^ d ° Uble re " encrypted data C2 "° stored in the ^^ge medium 81 is utilized, the re-encrypted data 
^89* JliSEy mediUm 81 fe re " deCrVPted ^ ^ uncha "3 eable XO at the encryption/decrypted 

32:C2=E (C2-0, KO) =D (E (E (D (C1 , K1), K2), KO), 

^'n^ 6 ed data C2 fe decr VPted using the second changeable key K2 at the filter driver 66 having en- 

cryption/decryption function: ■■««■» bm 

3:M=D (C2, K2) =D (E (D (C1 , K1), K2) 

utilized deayPted datH M 18 ° UtPUtted ^ 1,16 ° Peratin9 SyStem ° f thC 0Qn,putor ,0 the display unit 56 or the ,ike to be 
[0141] Also in a case where the re-encrypted data C2 is stored in the removable medium such as a DVD-RAM the 
tT fe d ° Uble re " enc, VP ted usi "9 *• thin* changeable key k3 obtained from the key center or gen- 
erated in the I/O management micro kernel 64, at the encryption/decryption unit 90 in the hardware 88 



V2-3: C2-3=E (C2, K3) =E (E (D (CI. K1), K2), K3) 

and double re-encrypted data C2-3 is stored in a removable medium such as the DVD-RAM 

T* 42 L ^ d °. Uble re - encr yP ted data C2 " 3 sto ^d in the removable medium 92 is utilized, the re-encrypted 

££2? TJiT 1° ^T 3616 mediUm 92 18 re - decr VPted using the third changeable key K3 at the encryption/ 
decryption unrt 90 in the hardware 88: y 

3 2: C2=E (C2-3, K3) =D (E (E (D (C1 , K1), K2), K3), 

further, the re^ecrypted data C2 is decrypted using the second changeable key K2 at the filter driver 66 having en- 
cryption/decryption function: y 

3: M-D (C2, K2) =D (E (D (C1 , K1), K2) 

rtSZ dGCryPted ^ M 18 OUtPUtted ^ 0Pefatin9 BySlBm ° f *" t0 the disp,ay unit 56 or the ,ike to * 

ESo ' /!! 3 ^ ^ re " enCfypted data C2 te transferred outside via the network 93, the re-encrypted 

data C2 is double re-encrypted using the second changeable key K2 at the encryption/decryption unit 91 : 

V2-3: C2-3=E (C2, K3) =E (E (D (C1 , K1), K2) t K3) 
and double re-encrypted data C2-3 is transferred outside via the network 93 

[0144] When the double re-encrypted data C2-3 transferred from the outside via the network 93 is utilized the re- 
encrypted data C2-3 is decrypted using the third changeable key K3 at the encryption/decryption unit 91 : ' 

3 2: C2=E (C2-3, K3) =D (E (E (D (C1 , K1), K2), K3), 

further, the re-decrypted data C2 is decrypted using the second changeable key K2 at the filter driver 66 having en- 
cryption/decryption function: y 

3: M=D (C2, K2) =D (E (D (C1, K1), K2) 
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and the decrypted data M is outputted by the operating system of the computer to the display unit 56 or the like to be 
utilized. 

[0145] It is generally practiced that the specification of the device driver is changed to fit for the computer using the 
operating system or according to the corresponding device modified. 

s [01 461 ^ providing the device driver with the function for the re-encryption/re-decryption processing and the man- 
agement of a key, it allows to easily incorporate the function into the kernel of the operation system. Also, by re- 
encrypting the data using the second changeable key K2 before it is re-encrypted using the unchangeable key KO, it 
is very difficult to cryptanatyze the encrypted data, even if the unchangeable key is known to others, by finding out the 
second changeable key K2 because the data is also encrypted using the second changeable key K2. 

10 [0147] Further, because the second changeable key K2 is used first and then, is used after the unchangeable key 
KO is used, high security of the key is ensured. Because the second changeable key K2 is used first, it also strongly 
governs the encrypted data. 

When the second changeable key K2 is repeatedly used, there is a possibility if it may be known to others. In 
such a case, it is preferably designed in such a manner that the second changeable key K2 used for encryption is 

15 abandoned and it is again obtained from the key center or generated, when necessary for decryption, as described in 
Japanese Patent Laid-Open Publication 185448/1996 (EP0704885A2, USSN 08/536,749). 

[0148] In order to perform re-encryption/re-decryption of digital data as above, it is necessary to add, to the digital 
data, information to identify that storage or transfer of the digital data is restricted. In a case where the digital data is 
stored or transferred without being edited, illegitimate use of the digital data can be prevented by the method and the 
20 apparatus for re-encryption/re-decryption as described above. 

[0149] However, when the digital data is edited, there is a possibility that the information to identify the restriction of 
storage or transfer may be lost. 

[0150] In such the case, it may d be designed in a manner that all of the data are re-encrypted/re-decrypted using 
a key specific to the device (a master key). 
25 in so doing, even the digital data which has been edited, for example, by the "cut & paste" method, can be 

prevented from illegitimate use by re-encryption/re-decryption. 

[0151] Also, it may be designed in a manner that the digital data without the information to identify the restriction of 
storage or transfer only is re-encrypted/re-decrypted by using the master key, and that the digital data provided with 
the information to identify the restriction of storage or transfer is re-encrypted/re-decrypted using the method and the 

30 apparatus as explained in the above embodiments. 

[0152] In a case where the copyrighted and encrypted digital data is utilized in a specific device such as a set-top 
box, illegitimate storing, copying or transferring can be relatively easily prevented. Also, in a case where the copyrighted 
and encrypted digital data is utilized on a computer, the management of storing, copying or transferring the decrypted 
digital data can be executed by using the decryption/re-encryption apparatus described in Japanese Patent Laid-Open 

as Publication 287014/1996 (USP5,867,579; EP0715241A2) or by using the decryption/re-encryption apparatus de- 
scribed in USP5,805,706. 

[0153] However, the digital data decrypted for the purpose of displaying or printing is present on the bus of the 
computer, and it is possible to store, copy or transfer the decrypted digital data via a device connected to the bus. In 
the following, description will be given on a copyright management apparatus, which solves this problem. 
40 [0154] Fig. 12 shows a structural example of a copyright management apparatus, in which a first changeable key 
and a second changeable key are used. 

Also, this copyright management apparatus can be realized configured in a sub-board, a PCMCIA card, an IC 
card or an IC package for the purpose of security. 

[01 55] In Fig. 1 2, reference numeral 1 01 represents a CPU. A ROM 1 03, a RAM 1 04, a hard disk drive 1 05, a flexible 
45 disk drive 1 05, a CD-ROM drive 1 07, a modem 1 08, etc. are connected to a system-bus 1 02 connected to the CPU 1 01 . 
[0156] Reference numeral 109 represents a copyright management apparatus, which comprises a decryption/en- 
cryption unit 110, a video interface 113, an audio interface 114, and a printer interface 115. 

A display unit 116, a speaker 11 7 and a printer 118 are connected to the video interface 113, the audio interface 
114, and the printer interface 115 respectively on the outer side of the computer. 
so The decryption/encryption unit 110 comprises a decryption unit 111 and an encryption unit 112. 

[0157] The decryption unit 111 and the encryption unit 112 of the decryption/encryption unit 110 are connected to 
the system-bus 1 02 of the computer. The video interface 1 1 3, the audio interface 114, and the printer interface 1 1 5 are 
connected to the decryption unit 111. 

This arrangement can be easily achieved by designing the copyright management apparatus 109 as a sub- 
55 computer arrangement having a CPU and a system-bus. 

[0158] in cases where the decrypted digital data M is stored in the hard disk drive 105, where it is copied at the 
flexible disk drive 105 or where it is transferred via the modem 108, the decrypted digital data is re-encrypted using 
the second changeable key K2 at the re-encryption unit 115: 
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V2:C2=E (M,K2) 

=E fri (r.i m \ vo\ 

, , M I — — f f 

the ^encrypted I digital data C2 is supplied to the system-bus 102, and is stored in the hard disk drive iw, copied in 
the flexible disk drive 1 05 or transferred via the modem 1 08. 

KifrL J 6 en ?T!! d d i 9 ^f' d3ta 01 enCryPt8d USi " 9 the firBt cha ngeable K1 is supplied to the daeiyption unit 
111fromthesy S tem-bus102,andisdecryptedusingthefirstchangeablekeyK1: 



M=D(C1,K1). 



In a case where the decrypted digital data M is outputted to the display unit 116 or the speaker 117 it is turned 

ouZS J I!f!° interf ! Ce 113 3nd the 3Udi0 interface 114 in ,he ^Py^" 1 management apparatus 109 and is 
outputted in a predetermined signal form. 

When the decrypted digital data M is outputted to the printer 118, print data is outputted via the printer interface 



115. 



JT" T ^ 9M mana 9 ement apparatus 1 09 is used, the decrypted digital data other than the data out- 
putted to the printer is not present outside the copyright management apparatus 109. Because the data outputted to 

iXTiToT a ^ 

rnlfl] !" *! computer ' non-encrypted digital data is also present in addition to the decrypted digital data 
0162] In order to process the non-encrypted digital data and the decrypted data by distinguishing between them it 
is necessary to prov.de a video interface, an audio interface and a printer interface, and this would make the system 
morphea ted and costly. To avoid such situation, it may be designed in a manner that non-encrypted digitaldata 
ni£T^ t ! ' nterfaCe 113 and thS aUdi ° interface 114 in toe "Wright management system 109 

ab eL h?«2? ^HHr 0 ^?" 96 ™" 1 eXamp ' e ° f 8 C ° Pyri9ht man "9ement aPP^tus, in which an unchange- 
able key is used in addition to the first and the second changeable keys. 

This copyright management apparatus can be realized configured in a sub-board, a PCMCIA card an IC card 
or an IC package for security purpose. 

'?^ 9 ' I?' re,erencenumeral 101 represents a CPU. A ROM 1 03, a RAM 1 04, a hard disk drive 105 aflexible 
r«i«« Ve J?' 3 M driVe 107, 3 m0dem 108> etc " areconnect edtoasystem-bus102connectedtotheCPU101 
a tu? 20 h^r^Zrl 12 ,? TT 3 C0Pyri9ht mana 9 ement a PP aratus - ™e copyright management appa^ 
> 'I decryption/encryption unit 110, an unchangeable key encryption unit 121 , a crypt video 
interface 122, a crypt audio interface 123, and a crypt printer interface 124. 

The decryption/encryption unit 110 has a decryption unit 111 and an encryption unit 112 

«*» a i"oT C T t ! d di9te ' diSp,ay Unit 125, a " enCrypted di 9 itel audi0 P' 8 ^ 126 ' and «" encrypted digital 
* W^"™** outside «* *» computer, are connected to the crypt video interface 122, the crypt 
audio interface 123, and the crypt printer interface 124. »e«ypi 

EUIoL The rt dec,yPtion ' m V 11 and the e "«yp««>" ""it 112 of the decryption/encryption unit 1 10 are both connected 
to the computer system-bus 1 02. The unchangeable key encryption unit 121 is further connected to the decryption unit 

,h„ „H eayPt ^ interfaCe 122 ' thecr yP l a«dio interface 123, and the crypt printer interface 124 are connected to 
the unchangeable key encryption unit 1 21 . 

[ ? 167l ,J he enCrypled "** dis P |a y unit 125 fe connected to the crypt video interface 122, the encrypted audio data 
prirter !nterf^ n i2 < 4 ted ! ° ^ ™ "* ** encwtod data printer 127 fe connected to the crypt 

™,? e 8bWB arrang f nent 03,1 be easi * rea 'Ked by designing the copyright management apparatus 1 20 as a sub- 
computer arrangement having a CPU and a system-bus. 

[0168] The encrypted data display unit 125 has an unchangeable key decryption unit 128 connected to the crypt 

!£° ^ 12 5 3 ™ 131 ^""^ l ° ^ ""^eabte ^ decryption unit 128, and a display S 

116 connected to the D/A converter 131. u «. ui^wy unu 

int.rJI^T^™ aUdi ° data f ayer 126 h3S a " unchan B« bte ■«* decryption unit 129 connected to the crypt audio 
If ™ °° nVerter 132 connected to ""changeable key decryption unit 129, and a speaker 117 con- 
nected to the D/A converter 132. 

im»f The i ^ C T, ted *"* Printer 127 haS an uncha ngeable key decryption unit 130 connected to the crypt printer 
interface 124 and a pnnter 118 connected to the unchangeable key decryption unit 130. 
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It is needless to say that the encrypted data display unit 125, the encrypted audio data player 126 and the en- 
crypted data printer 127 have other components such as an amplifier. 

[01691 The encrypted digital data C1 encrypted using the first changeable key K1 is supplied to the decryption unit 
111 from the system-bus 102, and it is decrypted using the first changeable key K1 : 

M=D(C1,K1). 

[0170J When the decrypted digital data M is stored at the hard disk drive 105 or is copied at the flexible disk drive 
105 or is transferred via the modem 108, it is re-encrypted using the second changeable key K2 at the re-encryption 
unit 115: 

V2: C2=E (M, K2) 

-E (D <C1.K1),K2), 

the re-encrypted digital data C2 is supplied to the system-bus 102, and it is stored at the hard disk drive 105, copied 
at the flexible disk drive 105, or transferred via the modem 108. 

[01711 When the decrypted digital data M is outputted to the encrypted data display unit 125, the encrypted audio 
data player 1 26 or the encrypted data printer 1 27, it is re-encrypted using the unchangeable key KO at the unchangeable 
key encryption unit 121 in the copyright management apparatus 120: 

VO: C0=E (M,K0) 

=E (D (C1,K1),K0). 

The re-encrypted digital data CO is arranged to be provided to the encrypted data display unit 125, the encrypted 
audio data player 1 26 and the encrypted data printer 1 27 at the crypt video interface 1 22, the crypt audio interface 1 23 
and the printer interface 124 respectively, and an encrypted display signal CdO, an encrypted audio signal CaO and an 
encrypted print signal CpO are respectively outputted. 

[01 72] When the encrypted display signal CdO is inputted to the encrypted data display unit 1 25 from the crypt video 
interface 122, it is decrypted using the unchangeable key KO at the unchangeable key decryption unit 128: 

Md=D (CdO, KO), 

the decrypted display signal Md is converted to a displayable analog signal at the D/A converter 131 and it is displayed 
on the display unit 116. 

If the display unit 116 is a digital display unit, which can display the digital data as it is, the D/A converter 131 is 
unnecessary. 

[0173] When the encrypted audio signal CaO is inputted to the encrypted audio data player 126 from the crypt audio 
interface 123, it is decrypted using the unchangeable key KO at the unchangeable key decryption unit 129: 

Ma=D (CaO, KO), 

the decrypted audio signal MA is converted to a playable analog signal at the D/A converter 132, and it is played at 
the speaker 116. 

[01 74] The encrypted print signal CpO inputted to the encrypted data printer 1 27 from the crypt printer interface 1 24 
is decrypted using the unchangeable key KO at the unchangeable key decryption unit 130: 

Mp-D (CpO, KO) 

and the decrypted print signal Mp is printed by the printer 118. 

[0175] When this copyright management apparatus 120 is used, no decrypted data is present outside the copyright 
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management apparatus 1 20. 

[0176] As aforementioned, non-encrypted digital data is also present in addition to the decrypted diqital data in the 
computer. 

In OrriAftn nrnOOCC tho nf\n-e±ttr*n*r*trxfi rllnltnl *4n* n I *i i ... . . _. ... 

■ - — -- j, v~ — »iu u .. w iiicu^iypicuuiyiuiiufciLauyuisunguisningDeiweentnem 

it is necessary to provide a video interface, an audio interface and a printer interface, and this would make the system' 
more completed and costly. To avoid such situation, it may be designed in a manner that the non-encrypted digital 
data is processed at the unchangeable key re-encryption unit 121 of the copyright management apparatus 120 
[0177] Fig. 14shows another arrangement example of the copyright management apparatus, in which an unchange- 
able key encryption unit is provided to follow the video interface, the audio interface and the printer interface. 

The copyright management apparatus can be realized configured in a sub-board, a PCMCIA card, an IC card or 
an IC package for security purpose. 

[0178] In Fig. 1 4, reference numeral 101 represents a CPU. A ROM 1 03, a RAM 1 04, a hard disk drive 1 05 a flexible 
disk dnve 1 05, a CD-ROM drive 1 07, a modem 1 08, etc. are connected to a system-bus 1 02 connected to the CPU 1 01 
[0179] Reference numeral 140 represents a copyright management apparatus, which comprises a decryption/re- 
encryption unit 110, a video interface 113, an audio interface 114, a printer interface 141, and an unchangeable key 
encryption unit 134. 7 

The decryption/re-encryption unit 110 has a decryption unit 111 and an re-encryption unit 112 
The unchangeable key encryption unit 134 has an unchangeable key encryption unit for video 1 42, an unchange- 
able key encryphon unit for audio 136, and an unchangeable key encryption unit for print 137. The unchangeable key 
encrypt.on unrts for video, audio and print may be arranged in a single unit if it is available for sufficient encryption 
capacity. ,r 

[0180] The decryption unit 111 and the re-encryption unit 112 of the decryption/encryption unit 110 are connected to 
the system-bus 102 of the computer. Further, the video interface 113, the audio interface 114 and the printer interface 
1 1 5 are connected to the decryption unit 1 1 1 , and the unchangeable key encryption unit for video 1 35, the unchangeable 
key encryption unit for audio 136 and the unchangeable key encryption unit for print 137 are connected to these inter- 
faces. 

[0181] An encrypted digital video display unit 125, an encrypted digital audio player 126 and an encrypted digital 
data pnnter 127 arranged outside the computer are connected respectively to the unchangeable key encryption unit 
^ torvideo 1 35, the unchangeable key encryption unit for audio 1 63 and the unchangeable key encryption unit for print 

The above arrangement can be easily realized by designing the copyright management apparatus 1 20 as a sub- 
computer arrangement having a CPU and a system-bus. 

[0182] The encrypted data display unit 125 has an unchangeable key decryption unit 128 connected to the unchange- 
able key encryphon unit for video 135, a D/A converter 131 connected to the unchangeable key decryption unit 128 
and a display unit 1 1 6 connected to the D/A converter 131. 

The encrypted audio data player 126 has an unchangeable key decryption unit 129 connected to the unchange- 
able key encryption unit for audio 136, a D/A converter 132 connected to the unchangeable key decryption unit 129 
and a speaker 1 1 7 connected to the D/A converter 1 32. 

The encrypted data printer 127 has an unchangeable key decryption unit 130 connected to the unchangeable 
key encryption unit for print 137 and a printer 118 connected to the unchangeable key decryption unit 130 

ft is needless to say that the encrypted data display unit 125, the encrypted audio data player 126 and the en- 
crypted data printer 127 have other components such as an amplifier. 

[01 83] The encrypted digital data C1 encrypted using the first changeable key K1 is supplied to the decryption unit 
111 from the system-bus 102 and it is decrypted using the first changeable key K1 : 

M=D(C1,K1). 
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[0184] When the decrypted digital data M is stored at the hard disk drive 105 or copied at the flexible disk drive 105 
or transferred via the modem 1 08, it is re-encrypted using the second changeable key K2 at the re-encryption unit 115: 



V 2: C2=E (M, K2) 
k =E (D(C1,K1),K2), 

the re-encrypted digital data C2 is supplied to the system-bus 102, and it is then stored at the hard disk drive 105 
copied at the flexible disk drive 1 05 or transferred via the modem 1 08. 



24 



EP1 122 910 A1 



[0185] When the decrypted digital data M is outputted to the encrypted data display unit 125, the encrypted audio 
data player 126 or the encrypted data printer 127, the decrypted digital data M is arranged to digital data Md, Ma and 
Mp to be provided to the display unit 1 1 6, the speaker 1 1 7 and the printer 1 1 8 respectively at the video interface 131, 
the audio interface 132 and the printer interface 133 in the copyright management apparatus 120. Then, these digital 
data are encrypted using the unchangeable key K0 at the unchangeable key encryption unit for video 135, the un- 
changeable key encryption unit for audio 136 and the unchangeable key encryption unit for print 137: 

CdO=E (Md, K0) 



CaO=E (Ma, K0) 



CpO=E (Mp, KO) 

and the encrypted display signat CdO, the encrypted audio signal CaO and the encrypted print signal CpO are outputted. 
[0186] The encrypted display signal CdO is inputted to the encrypted data display unit 125 from the unchangeable 
key encryption unit for video 135, and it is decrypted using the unchangeable key KO at the unchangeable key decryption 
unit 128: 

Md-D (CdO, KO). 

The decrypted display signal Md is converted to a displayable analog signal at the D/A converter 131 , and is displayed 
on the display unit 1 1 6. 

If the display unit 116 is a digital display unit, which can display the digital data as it is, the D/A converter 131 is 
unnecessary. 

[0187] The encrypted audio signal CaO is inputted to the encrypted audio data player 126 from the unchangeable 
key encryption unit 136, and it is decrypted using the unchangeable key KO at the unchangeable key decryption unit 1 29: 

Ma=D (CaO, KO). 

The decrypted audio signal Ma is converted to a playable analog signal at the D/A converter 132, and is played at the 
speaker 116. 

[0188] The encrypted print signal CpO is inputted to the encrypted data printer 1 27 from the unchangeable key en- 
cryption unit 137, and it is decrypted using the unchangeable key KO: 

Mp=D (CpO, KO). 
The decrypted audio signal Mp is printed by the printer 118. 

[0189] When this copyright management apparatus 140 is used, no decrypted data is present outside the copyright 
management apparatus 120. 

[0190] As aforementioned, non-encrypted digital data is also present in addition to the decrypted digital data in the 
computer. 

In order to process the non-encrypted digital data and the decryption data by distinguishing between them, it is 
necessary to provide a video interface, an audio interface and a printer interface, and this would make the system 
more complicated and costly. To avoid such situation, it may be designed in a manner that the non-encrypted digital 
data is processed at the video interface 131 , the audio interface 132 and the printer interface 133 of the copyright 
management apparatus 140. 

A secret-key cryptosystem is often used as a cryptosystem for encrypting digital data. The most popular DES ( 
Data Encryption Standard) in the secret-key cryptosystems carries out encryption/decryption per 64-bit block unit of 
data. It is a typical block cipher method in the secret-key cryptosystem and has been widely adopted. Using this en- 
cryption/decryption per block processing allows to realize a more high speed errcryption/dectyption processing. 

In doing so, a plurality of encryption units and decryption units are provided in the era*yption/ctecryption unit It 
allows these plurality of encryption units and decryption units to be, in order, allocated the encryption/decryption 
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sySLd* ^ bl0CkS t0 ^ CanW ^ then ' encf yPtion/decryption processing results, thus obtained, are 

»icn »f brin9 lf supp ^ mental that * * Possible to use a respective crypt key for each data block and 
— r r o — o -jh-,o IC h, ,o. t*iui. uaia diock. "i nen, more highly securing the digital data is possible. 



Claintu 



1 ' f H Pr0t6Ctin9 < !! aypted di9tel data ' 10 WhiCh enc,ypted di 9 tel data is decypted, from Illegitimate use 

said method comprising the steps of : ' 

encrypting said decrypted digital data by using a changeable key to digital data re^ncrypted by the changeable 
Key, 

encrypting said digital data re-encrypted by the changeable key by using an unchangeable key in a device to 
digital data double re-encrypted by changeable-unchangeable keys to be stored, copied or transferred' 
decrypting said copied stored or transferred digital data double re-encrypted by changeable-unchangeable 
keys, by using said unchangeable key to digital data re-encrypted by the changeable key and 
*4gm*to di9ital ^ re " enC,ypted by * e cha "9 eable k ^y. by using said changeable key to said decrypt- 

2 ' ™l 0df0 t r K P ^ teCtin ? deCryP,ed di9ital **• t0 Which enwypted di 9 ital data is decr VP ted . «n»n illegitimate use, 

compnsing the steps of: 

encrypting said decrypted digital data by using an unchangeable key in a device to digital data re-encrypted 
by the unchangeable key; /r 
encrypting said digital data re-encrypted by the unchangeable key by using a changeable key to digital data 
double re-encrypted by changeable-unchangeable keys to be stored, copied or transferred- 
decrypting said copied, stored or transferred digital data double re-encrypted by changeable-unchangeable 
keys, by using said changeable key to digital data re-encrypted by the changeable key and 
decrypting said digital data decrypted by the changeable key key. by using said unchangeable key to said 
decrypted digital data. 

3 ' ^I?!l h ! d T"?!? 9 1 ° 1 ° r 2 ' Wherei " SaW Steps 0f encf yPt«ng and decrypting by using said changeable 
key are earned out by a software. 

4. The method according to claim 1 or 2, wherein said steps of encrypting and decrypting by using said changeable 
key are earned out by a hardware. 

5. The method according to claim 1 or 2, wherein said changeable key is supplied from the outside of a device. 

6. The method according to claim 1 or 2, wherein said changeable key is generated in a device. 

7. The method according to claim 1 or2, wherein said steps of encrypting and decrypting by using said unchangeable 

key are earned out by a software. 

8 " i^!Z m ^ !r ,r l n9t<> l Cla,m 1 ° r2 ' Wherei " Said8teps 0,en «yP«"9 anddecrypting by using said unchangeable 
key are earned out by a hardware. 

9. The method according to claim 1 or 2, wherein said unchangeable key is already placed in said device. 

10. The method according to claim 1 or 2, wherein said unchangeable key is generated in said device. 

11. The method according to claim 1 or2, wherein said unchangeable key is supplied from the outside of said device. 

12. The method according to claim 9, 10 or 11 . wherein said unchangeable key is specific to said device. 

13. The method according to claim 9, 10 or 11 . wherein said unchangeable key is not specific to said device. 



26 



EP 1 122 910 A1 

14. An apparatus for protecting decrypted digital data, to which encrypted digital data is decrypted, from illegitimate 
use, said apparatus comprising: 

a changeable key re-encryption unit for encrypting said decrypted digital data by using a changeable key to 
digital data re-encrypted; 

an unchangeable key encryption unit for encrypting said digital data re-encrypted by the changeable key by 
using an unchangeable key in a device to digital data double re-encrypted by changeable-unchangeable keys 
to be stored, copied or transferred; 

an unchangeable key decryption unit for decrypting said copied, stored or transferred digital data double re- 
encrypted by changeable-unchangeable keys, by using said unchangeable key to digital data re-encrypted 
by the unchangeable key; and 

a changeable key decryption unit for decrypting said digital data re-encrypted by the unchangeable key, by 
using said changeable key to said decrypted digital data. 

15. An apparatus for protecting decrypted digital data, to which encrypted digital data is decrypted, from illegitimate 
use, said apparatus comprising: 

an unchangeable key encryption unit for encrypting said decrypted digital data by using an unchangeable key 
in a device to digital data re-encrypted by the unchangeable key; 

a changeable key encryption unit for encrypting said digital data re-encrypted by the unchangeable key by 
using a changeable key to digital data double re-encrypted by changeable-unchangeable keys to be stored, 
copied or transferred; 

a changeable key decryption unit for decrypting said copied, stored or transferred digital data double re-en- 
crypted by changeable-unchangeable keys, by using said changeable key to digital data re-encrypted by the 
unchangeable key; and 

an unchangeable key decryption unit for decrypting said digital data re-encrypted by the unchangeable key, 
by using said unchangeable key to said decrypted digital data. 

16. The apparatus according to claim 14 or 15, in which encrypting and decrypting by using said changeable key are 
carried out by a software. 

17. The apparatus according to claim 14 or 15, in which encrypting and decrypting by using said changeable key are 
carried out by a hardware. 

18. The apparatus according to claim 14 or 15, wherein said changeable key is supplied from the outside of a device. 

19. The apparatus according to claim 14 or 15, wherein said changeable key is generated in a device. 

20. The apparatus according to claim 14 or 15, in which encrypting and decrypting by using said unchangeable key 
are carried out by a software. 

21. The apparatus according to claim 14 or 15, in which encrypting and decrypting by using said unchangeable key 
are carried out by a hardware. 

22. The apparatus according to daim 14 or 15, wherein said unchangeable key is already placed in said device. 

23. The apparatus according to claim 14 or 15, wherein said unchangeable key is generated in said device. 

24. The apparatus according to claim 14 or 15, wherein said unchangeable key is supplied from the outside of said 
device. 

25. The apparatus according to claim 14 or 15, wherein said unchangeable key is specific to said device. 

26. The apparatus according to claim 14 or 15, wherein said unchangeable key is not specific to said device. 

27. A methodfor protecting decrypted digital data, to which digital data encrypted by a first changeable key is decrypted, 
from illegitimate use, said method comprising the steps of: 
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:3 ti I S ngeSS! d di9ital ^ ^ USin9 3 SSCOnd Chan96able 10 di9ftal ^ re enCfyPted * *• 

12?^!?"™*!* . by S6COnd b V an unchangeable key in a 

•- .^.urypua, oy uncnangeaDie-second-changeable keys to be stored 

decryptrng sa.d stored digital data double re-encrypted by unchangeable-second-changeable keys by using 
sa,d unchangeable key to said digital data re-encrypted by the second changeable key 9 

Tf** ^ re *" CryPted by the Second ch angeable key by using a third changeable key to 
dqtal data double re-encrypted by third-changeable-second^hangeable keys to be copied or transferred 

J!^„ 9 J^ . d Cha " 9eable ke * to tffltal data re-encrypted by the second changeable key; and 

tod^?XlT^ 

from .llegrtimate use, said method comprising the steps of: aecrypted, 

s^cTngea^ C *" ^ ^ * ** * *" by ^ 

encrypting said digital data re-encrypted by the second changeable key by using an unchangeable key in a 
device to d-grtal data double re-encrypted by unchangeable-second^hangeable keys to be 
decrypting sa.d stored digital data double re-encrypted by unchangeable-second-changeable keys by using 
sard unchangeable key to said digital data re-encrypted by the second changeable key 9 

dSlT-H^K? 9 " 3 ' *** re -f nc, * )ted b * the sec °"1 changeable key by using a third changeable key to 
digrtal data double re-encrypted by third-changeable-second-changeable keys to be copied or transferred 
decrypting said cop.ed or transferred digital data double re-encrypted by third-changeable-second^hanqeable 
SiSl 9 ",; f an9eab,e tey t0 di9i,al ** b y *• second changeable S a„d 

from iltegrtimate use, sard method comprising the steps of: w ' 

blZ^ofh^ di9 H tel d3ta bV USin9 an uncha "9 eable ke V "» a device to digital data re-encrypted 
by JInH 1 9 m t V ' enC,yP,in9 Said di9ital da,a -"^ »y the unchangeable key by using a 
second changeable key to digital data double re-encrypted by second^hangeable-unchangeable keys Jo be 

SSSi^S St ° red di9 j te ' da 5 ***** re-encrypted by second-changeable-unchangeable keys by using 
sard second changeable key to digital data re-encrypted by the unchangeable key 

^^said digital data re-encrypted by the unchangeable key by using said unchangeable key to decrypt- 

SSS2." a |J t enC ^ ted di9ital by USi " 9 3 ftW cha "9 eable key to digital data re-enaypted by the 
^"^able key ^. and ern^ting said digital data re-encrypted by me third changeable key ^ 
double re-encrypted by second-changeable-third-changeable keys to be copied or transferred* 

^ Chan9eab ' e ^ * di9ital ^ *• third changeable key; a'nd 

SSdigtei £E rMnCfypted * *• «" «*-«-* ^ ^ using sak, third changeable key to 

from illegitimate use, said method comprising the steps of: aecrypiea, 

S^S^2?T d "f 1 *** b/ USi " 9 a " unchan 8" bte ^ in a device to digital data re-encrypted 
slid I SSEft a " de ^ ypting ^ di 9 ital data re-encrypted by the unchangeable key by Zg a 
second changeable key to digital data double re-encrypted by second^hangeable-unchangeable keys to be 

SS^H St ° red K digital da!a double r ^Wted by second^hangeable-unchangeable keys by using 
said second changeable key to digital data re^ncrypted by the unchangeable key 

decrypting said digital data re-encrypted by the unchangeable key by using said unchangeable key to decrypt- 
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ed digital data; 

encrypting said re-encrypted digital data by using a third changeable key to digital data re-encrypted by the 
third changeable key, and encrypting said digital data re-encrypted by the third changeable key to digital data 
double re-encrypted by second-changeable-third-changeable keys to be copied or transferred; 
decrypting sfiid copied or transferred digital data double re-encrypted by second-changeabie-third-changeable 
keys by using said second changeable key to digital data re-encrypted by the third changeable key; and 
decrypting said digital data re-encrypted by the third changeable key by using said third changeable key to 
decrypted oigital data. 

31. The method according to claim 27, 28, 29 or 30, wherein said steps of encrypting and decrypting by using said 
second changeable key are carried out by a software. 

32. The method according to claim 27, 28, 29 or 30, wherein said steps of encrypting and decrypting by using said 
second changeable key are carried out by a hardware. 

33. The method according to claim 27, 28, 29 or 30, wherein said second changeable key is supplied from the outside 
of a device. 

34. The method according to claim 27, 28, 29 or 30, wherein said second changeable key is generated in a device. 

35. The method according to claim 27, 28, 29 or 30, wherein said steps of encrypting and decrypting by using said 
third changeable key are carried out by a software. 

36. The method according to claim 27, 28, 29 or 30, wherein said steps of encrypting and decrypting by using said 
third changeable key are carried out by a hardware. 

37. The method according to claim 27, 28, 29 or 30, wherein said third changeable key is supplied from the outside 
of a device. 

38. The method according to claim 27, 28, 29 or 30, wherein said third changeable key is generated in a device. 

39. The method according to claim 27, 28, 29 or 30, wherein said steps of encrypting and decrypting by using said 
unchangeable key are carried out by a software. 

40. The method according to claim 27, 28, 29 or 30, wherein said steps of encrypting and decrypting by using said 
unchangeable key are carried out by a hardware. 

41 . The method according to claim 27, 28, 29 or 30, wherein said unchangeable key is already placed in said device. 

42. The method according to claim 27, 28, 29 or 30, wherein said unchangeable key is generated in said device. 

43. The method according to claim 27, 28, 29 or 30, wherein said unchangeable key is supplied from the outside of 
said device. 

44. The method according to claim 27, 28, 29 or 30, wherein said unchangeable key is specific to a device. 

45. The method according to claim 27, 28, 29 or 30, wherein said unchangeable key is not specific to a device. 

46. An apparatus for protecting decrypted digital data, to which digital data encrypted by a first changeable key is 
decrypted, from illegitimate use, said apparatus comprising: 

a second changeable key encryption unit for encrypting said decrypted digital data by using a second change- 
able key to digital data re-encrypted by the second changeable key; 

an unchangeable key encryption unit for encrypting said digital data re-encrypted by the second changeable 
key by using an unchangeable key in a device to digital data double re-encrypted by unchangeable-second- 
changeable keys to be stored; 

an unchangeable key decryption unit for decrypting said stored digital data double re-encrypted by unchange- 
able-second-changeable keys by using said unchangeable key to said digital data re-encrypted by the second 
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changeable key; 

a third changeable key encryption unit for encrypting said digital data re-encrypted by the second changeable 
*1 L 1' ?? .I - l _^ ! d i an9eabl ! key 10 d, ' 9ital data doub,e ^encrypted by third-changeable^econd^ange- 

a third changeable key decryption unitfor decrypting said copied ortransferred digital data double re-encrypted 
by th,rd«hangeable-second-changeable keys by using said third changeable key to digital data re-encrypted 
by the second changeable key; and 

a second changeable key decryption unit for decrypting said digital data re-encrypted by the second change- 
able key by using said second changeable key to decrypted digital data. 

4? ' Jlin? T f0r iI pr< ^ eC,in9 di9ital t° which digital data encrypted by a first changeable key is 

decrypted, from illegitimate use, said apparatus comprising: 8 ^ 

able key to digital data re-encrypted by the second changeable key 

an unchangeable key encryption unit for encrypting said digital data' re-encrypted by the second changeable 
key by using an unchangeable key in a device to digital data double re-encrypted by unchangeable-second- 
changeable keys to be stored; 

an unchangeable key decryption unit for decrypting said stored digital data double re-encrypted by unchange- 
cha^etbte tey an9eable *** * "** Unchan9eable ke * t0 ^ di 9« al data re-encrypted by the second 
a third changeable key encryption unit for encrypting said digital data re-encrypted by the second changeable 
key by using a third changeable key to digital data double re-encrypted by third-changeable-second^hange- 
able keys to be copied or transferred; a 

a third changeable key decryption unitfor decrypting said copied ortransferred digital data double re-encrypted 
by tbird-changeable-second-changeable keys by using said third changeable key to digital data re-encrypted 
by the second changeable key; and 

a second changeable key decryption unit for decrypting said digital data re-encrypted by the second change- 
able key by using said second changeable key to decrypted digital data. 

W H^™,^T , ° r ll pr ^ ectin 9 ^ta, to which digital data encrypted by a first changeable key is 

decrypted, from illegitimate use, said apparatus comprising: 

an unchangeable key encryption unit for encrypting said decrypted digital data by using an unchangeable key 
in a device to digital data re-encrypted by the unchangeable key, and a second changeable key encryption 
unit for encrypting said digital data re-encrypted by the unchangeable key by using a second changeable key 
to digital data double re-encrypted by second-changeable-unchangeable keys to be stored- 
asecondchangeable key decryption unit for decrypting said stored digrtaldata double re-encrypted by second- 
changeable-unchangeable keys by using said second changeable key to digital data re-encrypted by the un- 
changeable key, and an unchangeable key decryption unit for decrypting said digital data re-encrypted by the 
unchangeable key by using said unchangeable key to decrypted digital data- 

athird changeable key encryption unit for encrypting said re^ncrypted digital data by using a third changeable 
key to digital data re-encrypted by the third changeable key, and a second changeable key encryption unit for 
encryptng said d.grtal data re-encrypted by the third changeable key to digital data double re^ncrypted by 
second-changeable-third-changeable keys to be copied or transferred; and 

a second changeable key decryption unit for decrypting said copied or transferred digital data double re- 
encrypted ^by second^changeable-third^hangeable keys by using said second changeable key to digital data 
re^ncrypted by the th.rd changeable key, and a third changeable key decryption unit for decrypting said digital 
data re-encrypted by the third changeable key by using said third changeable key to decrypted digital data. 

49 " £3 8 h T f0r ll Pr< f Ctin9 deC,ypted di9ital **»■ to * hich di 9«al data encrypted by a first changeable key is 
decrypted, from illegitimate use, said apparatus comprising: a ^ 

an unchangeable key encryption unit for encrypting said decrypted digital data by using an unchangeable key 
in a dev.ce to digital data re-encrypted by the unchangeable key, and a second changeable key encryption 
unit for encrypbng said digital data re-encrypted by the unchangeable key by using a second changeable key 
to digital data double re-encrypted by second-changeable-unchangeable keys to be stored 
asecondchangeable key decryption unit for decrypting said stored digital data double re-encrypted by second- 
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changeable-unchangeable keys by using said second changeable key to digital data re-encrypted by the un- 
changeable key, and an unchangeable key decryption unit for decrypting said digital data re-encrypted by the 
unchangeable key by using said unchangeable key to decrypted digital data; 

a third changeable key encryption unit for encrypting said re-encrypted digital data by using a third changeable 
key to digital data re-encrypted by the third changeable key, and a second changeable key encryption unit for 
encrypting said digital data re-encrypted by the third changeable key to digital data double re-encrypted by 
second-changeable-third-changeable keys to be copied or transferred; and 

a second changeable key decryption unit for decrypting said copied or transferred digital data double re- 
encrypted by second-changeable-third-changeable keys by using said second changeable key to digital data 
re-encrypted by the third changeable key, and a third changeable key decryption unit for decrypting said digital 
data re-encrypted by the third changeable key by using said third changeable key to decrypted digital data. 

50. The apparatus according to claim 46, 47, 48 or 49, wherein said steps of encrypting and decrypting by using said 
second changeable key are carried out by a software. 

51 . The apparatus according to claim 46, 47, 48 or 49, wherein said steps of encrypting and decrypting by using said 
second changeable key are carried out by a hardware. 

52. The apparatus according to claim 46, 47, 48 or 49, wherein said second changeable key is supplied from the 
outside of a device. 

53. The apparatus according to claim 46, 47, 48 or 49, wherein said second changeable key is generated in a device. 

54. The apparatus according to claim 46, 47, 48 or 49, wherein said steps of encrypting and decrypting by using said 
third changeable key are carried out by a software. 

55. The apparatus according to claim 46, 47, 48 or 49, wherein said steps of encrypting and decrypting by using said 
third changeable key are carried out by a hardware. 

56. The apparatus according to claim 46, 47, 48 or 49, wherein said third changeable key is supplied from the outside 
of a device. 

57. The apparatus according to claim 46, 47, 48 or 49, wherein said third changeable key is generated in a device. 

58. The apparatus according to claim 46, 47, 48 or 49, wherein said steps of encrypting and decrypting by using said 
unchangeable key are carried out by a software. 

59. The apparatus according to claim 46, 47, 48 or 49, wherein said steps of encrypting and decrypting by using said 
unchangeable key are carried out by a hardware. 

60. The apparatus according to claim 46, 47, 48 or 49, wherein said unchangeable key is already placed in the device. 

61 . The apparatus according to claim 46, 47, 48 or 49, wherein said unchangeable key is generated in the device. 

62. The apparatus according to claim 46, 47, 48 or 49, wherein said unchangeable key is supplied from the outside 
of the device. 

63. The apparatus according to claim 46, 47, 48 or 49, wherein said unchangeable key is specific to said device. 

64. The apparatus according to claim 46, 47, 48 or 49, wherein said unchangeable key is not specific to said device. 

65. A method for protecting digital data from illegitimate use, said method comprising the steps of: 

determining whether said digital data is subject to be protected or not; 

encrypting said digital data determined being subject to be protected by using an unchangeable key in a device 
to digital data encrypted by the unchangeable key; 

storing, copying or transferring said digital data determined being not subject to be protected and said digital 
data encrypted by the unchangeable key; 
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it L St ° t red J , ™ 8feTOd ^ dalB encrypted by the "Changeable key by using said 

unchangeable key to deciypted digital data; and 

utilizing said stored, copied or transferred digital data and said decrypted digital data. 

66 - ^TZ^?*T*' wherein said steps 01 encrypan9 and «*™ in ° * said -™*««9-* 
67 iTISi^^h^: wherein said steps of encryptin9 and dec,yptin9 by usins > said uncha ^ ie 

M ' ^^JpSTT *?" ^ Whfch enC,VPtin9 3011 ^""a b * usi "9 said ""changeable key are con- 
trolled by identifying information which is added to said digital data. 

69 " Son^a!^ 
^'^rr^ 

71. The method according to claim 65, wherein said unchangeable key is already placed in a device. 

72. The method according to claim 65, wherein said unchangeable key is generated in the device. 

73. The method according to claim 65, wherein said unchangeable key is supplied from the outside of the device. 

74. The method according to claim 71 , 72 or 73, wherein said unchangeable key is specific to the device. 

75. The method according to claim 71 , 72 or 73, wherein said unchangeable key is not specific to the device. 

76. An apparatus for protecting digital data from illegitimate use, said apparatus comprising: 

determining means as to whether said digital data is subject to be protected or not 

means for encrypting said digital data determined being subject to be protected by using an unchangeable 

key in a device to digital data encrypted by the unchangeable key unchangeable 

i rtn9, C ° P, l i l 9 K 0r * ansfen1n 9 di 9 ftal date determined being not subject to be protected and 
said digital data encrypted by the unchangeable key; 

means for decrypting said stored, copied or transferred digital data encrypted by the unchangeable kev bv 
using said unchangeable key to decrypted digital data; and uncnangeaoie Key by 

means for utilizing said stoned, copied or transferred digital data and said decrypted digital data. 

11 ' ^SSS^Sl t0 **" 76 ' Wherei " a " d * »™9 ** d ""changeable key are 

78 2«Z7*:^T **" ?6 ' Wherei " enCfyPtin9 ^ deCryPtin9 * USi " 9 — ""changeable key are 

The t a n^ tU£ . i accordin 9 to a*" 76 - encrypting and decrypting by using said unchangeable key are 

controlled by identifying information which is added to said digital data ncnangeaoie key are 

^SnSor^" 910 ^ 

81 ' Sg^SoT^ 9 1 ° C ' aim * enCryPtin9 ^ deCfVPtin9 afe eBntod 0Ut by ° f ^n- 

82. The apparatus according to claim 76, wherein said unchangeable key is already placed in a device. 

83. The apparatus according to claim 76, wherein said unchangeable key is generated in the device. 
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84. The apparatus according to claim 76, wherein said unchangeable key is supplied from the outside of the device. 

85. The apparatus according to claim 82, 83 or 84, wherein said unchangeable key is specific to the device. 

86. The apparatus according to claim 82, 83 or 84, wherein said unchangeable key is not specific to the device. 
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FIG. 2 
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FIG. 3 
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FIG. 4 
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FIG. 6 



66B 



I/O MANAGER 



FILTER DRIVER 
(K2) 



iC2(M) 
_s 



"T 

:C2(M) 



FILE SYSTEM DRIVER 



C2(M) 



:C2(M) 



INTERMEDIATE DRIVER 
— ■ ( — 



^C2(M) 
, 1 



C2(M) 



FILTER DRIVER 
(K2) 



I C2 



_1 



t C2 



DEVICE DRIVER 



51 



69 



.70 



71 



C2 



C2 



* . ... 
HAL 


a 
• 


C2 


t 

St 




HARDWARE 






(K0) 




• 
• 


C2-0 


Tc2-0 

.. . 



55 



57 




39 



EP1 122 910 A1 



FIG. 7 
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FIG. 8 
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